Google Duo is end-to-end encrypted [0]. I don't know about Meet.

Disclaimer: Working at Google, in the same org as Duo.

[0] http://support.google.com/duo/answer/9280240?hl=en

Ah, it's nice to hear that Duo does e2e, thanks.

Very well explained, too. Great work.

> I'm pretty sure that Google Meet isn't end-to-end encrypted either. Nothing that Google does is.

To the best of my understanding, they say that it is https://support.google.com/a/answer/7582940?hl=en

EDIT: On rereading they actually just say that it is encrypted, not neccesarily end-to-end encrypted.

Google provides close captioning for meet calls. That means it's not E2E. Also pretty much no service can provide multi-party video call with adaptive quality without completely destroying your bandwidth.

I'm interested in knowing more about why closed captions would imply not end-to-end encrypted. Wouldn't it be possible to build a model and distribute the model with the client-side application, and run it at the edge?

If they did that, everyone would have the model (meaning you would see closed captions in a lot more places, because it would absolutely be stolen).

Google translate and Google Gboard offer offline voice to text transcription... So it would seem the model is indeed on your device, and Google says as such - http://ai.googleblog.com/2019/03/an-all-neural-on-device-spe...

On the ARM TrustZone, maybe? Or whatever co-processor run Widevine.

Isn't 128-bit AES and SHA-1 fairly weak encryption nowadays?

128-bit AES is not "weak" by any definition of the term.

SHA-1 is deprecated but it's good enough for this application for the near future.

>128-bit AES

Perfectly fine...

>SHA-1

You missed the important bit:

>SHA-1 HMAC

Also perfectly fine...